const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethodCtx('updateUser', { description: 'Updates the user information', accessType: 'WRITE', accepts: [ { arg: 'id', type: 'number', description: 'The user id' }, { arg: 'name', type: 'string', description: 'the user name' }, { arg: 'email', type: 'any', description: 'the user email' }, { arg: 'active', type: 'boolean', description: 'whether the user is active or not' }, ], http: { path: '/:id/updateUser', verb: 'PATCH' } }); Self.updateUser = async function(ctx, id, options) { const models = Self.app.models; let tx; const myOptions = {}; if (typeof options == 'object') Object.assign(myOptions, options); if (!myOptions.transaction) { tx = await models.VnUser.beginTransaction({}); myOptions.transaction = tx; } try { const canEdit = await models.ACL.checkAccessAcl(ctx, 'Client', 'updateUser', 'WRITE'); if (!canEdit) throw new UserError(`Not enough privileges to edit a client`); const isClient = await models.Client.findById(id, null, myOptions); const isAccount = await models.Account.findById(id, null, myOptions); if (isClient && !isAccount) { const user = await models.VnUser.findById(id, null, myOptions); await user.updateAttributes(ctx.args, myOptions); } else throw new UserError(`Modifiable user details only by an administrator`); if (tx) await tx.commit(); } catch (e) { if (tx) await tx.rollback(); throw e; } }; };